Re: Cannot access cRIO behind NAT firewall with MAX

The issue can be corrected in MAX. MAX should ignore the local address in the cRIO configuration, but use the external ip address that I specify when I use the "Remote Device (not on the local subnet)" search function.

Re: Cannot access cRIO behind NAT firewall with MAX

Whether the issue is from MAX or the cRIO is a "chicken and egg" problem. I think I will try a hack work around when I get my system back online. This is to set the local cRIO IP address to the same address as my remote router's static WAN side IP address. If my low end router can handle the WAN and LAN address ranges being the same, this may work. It is the only thing I can think may work at this point.

I am personally far more interested in getting the remote target (cRIO) to connect through a LabVIEW project than through MAX. I have been using the MAX connection as the first step.

Re: Cannot access cRIO behind NAT firewall with MAX

Here is an excerpt from the response I got from NI about using a NI-9163 behind a NAT firewall and may be applicable to the cRIO issue as well.

"... The 9163 modules uses a Datagram Delivery Protocol (DDP) broadcast to communicate with MAX at any level deeper than purely being able to recognize the device. With this sort of protocol, the actual address of the device, in this case the 9163, is embedded in the packet instead of the NAT address which is the only way that MAX would be able to interact with the device through the firewall. Using the hardware you are using, we aren't sure that this device will be able to communicate through the NAT firewall..."

"... Our cDAQ 9181 and 9191 devices use a different protocol, mDNS, to communicate between the device and MAX. The NAT firewall should not cause any issues with these devices..."

So I have to upgrade to get this to work, a solution I am willing to do.

Re: Cannot access cRIO behind NAT firewall with MAX

Hopefully the cDAQ-918x or cDAQ-9191 will be able to meet your needs. One limitation you may want to be aware of, though, is that accessing the device across a NAT boundary does require forwarding all of the ports (indicated in the specifications for those chassis) to a specific IP 'inside' the NAT. So, you wouldn't be able to hook up many cDAQ chassis across a NAT from your host and expect them all to work because the port selection isn't dynamic.

Before we released the cDAQ-9188 (8-slot ethernet), I took one home and hooked it up behind my home router and then forwarded all of the ports listed in the documentation to the cDAQ-9188 client. After that, I could Add and Reserve it in MAX from my machine at the NI offices by pointing the DAQmx configuration at the IP address of my home router as assigned by my ISP. But, we do not support dynamic port assignment for services or other protocols that might or might not allow using multiple chassis behind a NAT, unfortunately.

Re: Cannot access cRIO behind NAT firewall with MAX

The firewall we are using is an enterprise class firewall. We will configure it with a 1to1 NAT so no port forwarding is needed. Then I will write rules to only allow the required traffic in to the device.

But yes depending on the hardware being used it could be a problem using port forwarding for multiple devices.

Re: Cannot access cRIO behind NAT firewall with MAX

Except the "solution" fails to mention that port 44525 (Ethernet Target Device Discover) only used when the cRIO and PC are on the same subnet. If we were all on a local subnet /w our cRIO targets, none of us would have had a problem. What I'm hoping for is the port numbers and type of connection (TCP, UDP, ...) for all connections required to connect to a remote target, on the other side of a firewall, from a LabVIEW project. If I have a chance to take a simple home router to work I may come with that list myself.

Is the MAX discovery only process that changes ports if the target is on a local subnet vs. external WAN?

Re: Cannot access cRIO behind NAT firewall with MAX

Except the "solution" fails to mention that port 44525 (Ethernet Target Device Discover) only used when the cRIO and PC are on the same subnet. If we were all on a local subnet /w our cRIO targets, none of us would have had a problem. What I'm hoping for is the port numbers and type of connection (TCP, UDP, ...) for all connections required to connect to a remote target, on the other side of a firewall, from a LabVIEW project. If I have a chance to take a simple home router to work I may come with that list myself.

Is the MAX discovery only process that changes ports if the target is on a local subnet vs. external WAN?